SEC Division of Examinations 2025 Exam Priorities – a Focus on Artificial Intelligence, Private Funds, and Cybersecurity

On October 21, 2024, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (“EXAMS”) announced its 2025 Examination Priorities (the “2025 Priorities”), highlighting areas that it expects to target during examinations in 2025. The 2025 Priorities reinforce many of the same areas of focus as the 2024 priorities, including investment advisers to private funds, conflicts of interest disclosures, Regulation Best Interest (“Reg BI”), cybersecurity, and crypto assets. The 2025 Priorities also signal heightened attention to emerging areas of concern, including the use of artificial intelligence (“AI”) and client exposure to commercial real estate.

Registered investment advisers (“RIAs”), registered investment companies (“RICs”), and broker-dealers should carefully review the 2025 Priorities to ensure their compliance systems and policies are up to date, monitored, and enforced. Indeed, given the SEC’s history of pursuing enforcement actions in areas highlighted in prior years as Examination Priorities, appropriate attention to the 2025 Priorities today could save regulated entities considerable resources down the road.[1]

Key Takeaways

• The 2025 Priorities highlight recently adopted SEC rules and amendments to existing SEC rules as new risk areas for 2025, including: (1) amendments to Form PF; (2) Regulation SE under the Exchange Act; (3) amendments to Regulation S-P; and (4) amendments to Rule 15c6-1 and new Rule 15c6-2 under the Exchange Act. Registrants should update their written policies and procedures to reflect the new and amended rules and should prepare for EXAMS to closely assess those procedures and the registrants’ compliance with the new and amended rules.
• The 2025 Priorities make clear that EXAMS will continue its focus on private fund advisers, including portfolio management risks when there is exposure to market volatility and higher interest rates, whether disclosures are consistent with actual practices, and the accuracy of calculations and allocations of private fund fees and expenses (both fund-level and investment-level).
• Registrants should remain vigilant in identifying, mitigating, and disclosing conflicts of interest that can impact clients and customers, especially those related to the use of affiliates, outsourcing investment selection and management, revenue sharing arrangements (including in connection with selling non-securities-based products), and offering lower fee rates to select clients. Given the SEC’s use of quantitative analysts and financial engineers to perform data analytics when identifying potential exam candidates, registrants should continue to ensure that they include accurate and consistent information across their filings or risk attracting additional attention from SEC examiners.
• EXAMS will continue to examine broker-dealers on their practices related to Reg BI, with a particular focus on recommended products that are complex, illiquid, or present higher risk to investors, as well as recommendations made using automated tools.
• As a perennial examination priority, EXAMS will continue to focus on cybersecurity practices by registrants, including assessing whether registrants’ procedures and practices reasonably manage information security and operational risks.
• Examinations of registrants will continue to focus on the offer, sale, recommendation, advice, trading, and other activities involving crypto assets that are offered and sold as securities or related products.
• The 2025 Priorities state that RIAs and RICs that have not been examined previously or have not been examined in a number of years will be a focus area for 2025. Such firms should consider conducting a self-audit of their compliance program and regulatory filings (or engaging a third party to conduct a mock audit) to ensure that they are prepared for any forthcoming examination.

Risk Areas Impacting Various Market Participants

Cybersecurity

The 2025 Priorities reiterate that operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, weather-related events, and geopolitical concerns. As a perennial examination priority, EXAMS will continue to focus on cybersecurity practices by registrants, including assessing whether registrants’ procedures and practices reasonably manage information security and operational risks. Particular attention will be on firms’ policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents.

Regulation S-ID and Regulation S-P

EXAMS will assess registrant compliance with Regulations S-ID and S-P, as applicable, including registrants’ progress in preparing to comply with the SEC’s amendments to Regulation S-P, adopted on May 16, 2024. The amendments require the adoption of policies and procedures for incident response programs and service provider oversight, expand the definition of “customer information,” establish a new minimum standard for data breach notifications, and impose new recordkeeping obligations.[2] EXAMS anticipates conducting targeted outreach to the securities industry and engaging with firms during examinations about their progress in preparing to establish incident response programs required under the amended rule. This suggests that registrants should anticipate questions from EXAMS staff about their efforts to comply with the Regulation S-P amendments prior to the applicable compliance date.[3]

Shortening of the Settlement Cycle

On February 15, 2023, the SEC adopted amendments to Rule 15c6-1 to shorten the standard settlement cycle for transactions in most securities to one business day after the trade date (“T+1”).[4] In 2025, EXAMS will evaluate broker-dealer compliance with the amended rule, as well as compliance with Rule 15a6-2 under the Exchange Act, which requires broker-dealers engaging in the allocation, confirmation, or affirmation process to have written agreements or written procedures reasonably designed to ensure completion of the process as soon as practicable and no later than the end of day on trade date (“T+0”). We expect that the SEC staff will continue to monitor fails-to-deliver data closely and test compliance with the close-out requirement of Rule 204 of Regulation SHO.

AI and Other Emerging Financial Technologies

The Division remains focused on registrants’ use of certain services, such as automated investment tools, AI, and trading algorithms or platforms, and the risks associated with their use. The 2025 Priorities note that EXAMS will, in particular, examine firms that employ certain digital engagement practices, such as digital investment advisory services, recommendations, and related tools and methods. These examinations will assess whether (1) representations are fair and accurate, (2) operations and controls in place are consistent with disclosures made to investors, (3) algorithms produce advice or recommendations consistent with investors’ investment profiles or stated strategies, and (4) controls to confirm that advice or recommendations resulting from digital engagement practices are consistent with regulatory obligations to investors, including older investors. The SEC staff appears to be keenly focused on the use of AI in the front-office context, although there will be continued scrutiny of middle and back-office use.

With respect to AI, EXAMS will focus its examinations on the following:

• registrant representations regarding their AI capabilities or AI use for accuracy;
• whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI, including for tasks related to fraud prevention and detection, back-office operations, anti-money laundering (“AML”), and trading functions, as applicable;
• firm integration of regulatory technology to automate internal processes and optimize efficiencies; and
• how registrants protect against loss or misuse of client records and information that may occur from the use of third-party AI models and tools.

Crypto Assets

The 2025 Priorities reiterate EXAMS’ focus on monitoring and conducting examinations of registrants offering crypto asset-related services. Examinations of registrants will continue to focus on the offer, sale, recommendation, advice, trading, and other activities involving crypto assets that are offered and sold as securities or related products. We expect that the SEC staff will coordinate priorities with FINRA to maximize regulatory focus in this space.[5]

Investment Advisers

Adherence to Fiduciary Standards of Conduct

The 2025 Priorities remain focused on investment advisers’ adherence to their fiduciary duties, including whether their investment advice regarding products, investment strategies, and account types satisfies their duty of care and duty of loyalty obligations owed to their clients.

In particular, EXAMS will continue to focus on recommendations provided to clients related to (1) high‑cost products, (2) unconventional instruments, (3) illiquid and difficult-to-value assets, and (4) assets sensitive to higher interest rates or changing market conditions, including commercial real estate. With respect to dual registrants and investment advisers with affiliated broker-dealers, EXAMS will focus on (1) assessing investment advice and recommendations regarding certain products to determine whether they are suitable for clients’ advisory accounts, (2) reviewing disclosures to clients regarding the capacity in which recommendations are made, (3) reviewing the appropriateness of account selection practices, and (4) assessing whether and how investment advisers adequately mitigate and fairly disclose conflicts of interest.

Effectiveness of Investment Advisers’ Compliance Programs

The 2025 Priorities reiterate that the effectiveness of investment advisers’ compliance programs is a fundamental part of the examination process and note that examinations will continue to focus on (1) whether such policies adequately address any outsourcing of investment selection and/or management functions, (2) any alternative sources of revenue or benefits that the advisers receive, and (3) the appropriateness and accuracy of fee calculations and the disclosure of any fee-related conflicts.

The 2025 Priorities indicate that EXAMS will perform a more in-depth review of certain practices, including the use of AI or client exposure to commercial real estate. For example, investment advisers that integrate AI into their advisory operations, including portfolio management, trading, marketing, and compliance, should expect that SEC examiners will conduct an in-depth review of the investment adviser’s compliance policies and disclosures related to these areas. Given the SEC staff’s focus on AI, investment advisers that use AI solely for non-investment advisory tasks should also consider adopting and implementing policies and procedures to implement safeguards to ensure employees do not use AI for prohibited activities. Similarly, investment advisers with clients invested in commercial real estate or other illiquid securities should expect EXAMS to focus on valuation issues related to those investments.[6]

Also, if an investment adviser utilizes a large number of independent contractors working from geographically dispersed locations, an examination may focus on supervision and oversight practices. Examinations may focus on compliance practices if an investment adviser implements changes to its business model or is new to advising particular types of assets, clients, or services.

Private Fund Advisers

The 2025 Priorities make clear that the SEC staff will continue its focus on private fund advisers. EXAMS remains focused on portfolio management risks when there is exposure to market volatility and higher interest rates and clarified that in 2025, EXAMS will specifically look at whether disclosures are consistent with actual practices and if an investment adviser met its fiduciary obligations in this context. As with previous years, EXAMS will prioritize examinations of investment advisers that have never been examined, including newly registered advisers, and those that have not been recently examined.

The 2025 Priorities also highlight EXAMS’ interest in the topic areas set forth below. Interestingly, certain of these topics appear to address practices that were addressed in the SEC’s “Private Fund Adviser Rules”[7]—which were vacated by the U.S. Court of Appeals for the Fifth Circuit on June 5, 2024[8]—including adviser-led secondary transactions and the disclosure of fees and expenses. This suggests that EXAMS staff may attempt to impose standards on private fund advisers that are consistent with the principles set forth in the Private Fund Adviser Rules, perhaps through Rules 206(4)-1 and 206(4)-8 under the Advisers Act, despite the vacatur of the Private Fund Adviser Rules.

• The accuracy of calculations and allocations of private fund fees and expenses (both fund-level and investment-level). The 2025 Priorities list areas that may impact the accuracy of fee calculations, including the valuation of illiquid assets, calculation of post commitment period management fees, offsetting of such fees and expenses, and adequacy of disclosures.
• The disclosure of conflicts of interests and risks, and adequacy of policies and procedures. The 2025 Priorities list examples of products or practices for the focus of such reviews, including: (1) the use of debt, fund-level lines of credit, investment allocations, adviser-led secondary transactions, transactions between fund(s) and/or others; (2) investments held by multiple funds; and (3) the use of affiliated service providers.
• Compliance with recently adopted SEC rules, including amendments to Form PF[9] and Rule 206(4)‑1 under the Advisers Act (the “Marketing Rule”),[10] to assess whether investment advisers to private funds have established adequate policies and procedures and whether their actual practices conform to these rules. Indeed, the SEC’s Enforcement Staff continues to bring enforcement actions against investment advisers for violations of the Marketing Rule, and we are aware of recent SEC Enforcement Staff interest in Form PF noncompliance.[11]

Investment Companies

EXAMS will continue to prioritize examinations of RICs, including mutual funds and exchange-traded funds. The 2025 Priorities emphasize specific examination focus areas, including the following: (1) fund fees and expenses, and any associated waivers and reimbursements; (2) oversight of service providers (both affiliated and third party); (3) portfolio management practices and disclosures, for consistency with claims about investment strategies or approaches and with fund filings and marketing materials; and (4) issues associated with market volatility. EXAMS will also continue to monitor RICs with exposure to commercial real estate and compliance with new and amended rules.

Broker-Dealers

Reg BI and Form CRS

EXAMS will continue to examine broker-dealers on their practices related to Reg BI and their compliance with Form CRS requirements. In particular, examinations will continue to focus on recommended products that are complex, illiquid, or present higher risk to investors (e.g., highly leveraged or inverse products, crypto assets, structured products, alternative investments, products that are not registered with the SEC, products with complex fee structures or return calculations, products based on exotic benchmarks, and products that represent a growth area for retail investment). EXAMS will also focus on the structure, marketing, fees, and potential conflicts associated with offerings by broker-dealers to retail customers, including bank sweep programs, fully paid lending programs, and mobile apps/online trading platforms.

Examinations may also focus on broker-dealers’ recommendations using automated tools or digital engagement practices and recommendations relating to opening different account types, such as option, margin, and self-directed IRA accounts.

Broker-Dealer Financial Responsibility Rules

Examinations will continue to focus on broker-dealer compliance with the Net Capital Rule (Rule 15c3-1 under the Exchange Act) and the Customer Protection Rule (Rule 15c3-3 under the Exchange Act) and related internal processes, procedures, and controls. The 2025 Priorities highlight areas of review including (1) the timeliness of financial notifications and other required filings made by the broker-dealer, and (2) the supervision of third-party or vendor-provided services that contribute to the records firms used to prepare their financial reporting information.

Broker-Dealer Trading-Related Practices and Services

EXAMS will continue to focus on broker-dealer equity and fixed income trading practices. Areas of review include:

• trading practices associated with trading in pre-IPO companies and the sale of private company shares in secondary markets;
• broker-dealers’ execution of retail orders, including (1) whether retail orders are marked as “held” or “not held,” and the consistency of the marking with retail instructions, and (2) the pricing and valuation of illiquid or retail-focused instruments such as variable rate demand obligations, other municipal securities, and non-traded real estate investment trusts (REITs); and
• compliance with Regulation SHO, including whether quoting activity is away from the inside bid/offer.

Other Market Participants

The 2025 Priorities note that EXAMS will continue to focus on:

• Municipal advisors, including whether they have met their fiduciary duty to municipal entity clients, as well as whether municipal advisors have complied with MSRB Rule G-42, which establishes the core standards of conduct and duties applicable to non-solicitor municipal advisors.
• Transfer agent processing of items and transfers, recordkeeping and record retention, safeguarding of funds and securities, and filings with the SEC.
• Security-based swap dealers (SBSDs), including whether they have implemented policies and procedures related to compliance with security-based swap rules generally and compliance with relevant conditions in SEC orders governing substituted compliance.

The 2025 Priorities note for the first time a focus on examinations of the following:

• EXAMS will begin conducting examinations of registered security-based swap execution facilities (“SBSEFs”) in late fiscal year 2025. This follows the SEC’s adoption of Regulation SE under the Exchange Act on November 2, 2023, which implemented rules and forms for the registration and regulations of SBSEFs.
• Funding portals, including whether funding portals are making and preserving required records and records related to issuers who offer and sell, or attempt to offer and sell, securities through the funding portal and the control persons of such issuers, among others. EXAMS will also review funding portals’ written policies and procedures to assess if they are reasonably designed to achieve compliance with applicable federal securities laws and rules.

Anti-Money Laundering

EXAMS remains focused on the same AML examination priorities as 2024, including reviewing whether broker-dealers and certain RICs are (1) appropriately tailoring their AML program to their business model and associated AML risks, (2) conducting independent testing, (3) establishing an adequate customer identification program, including for beneficial owners of legal entity customers, and (4) meeting their Suspicious Activity Reports (SAR) filing obligations.

If you have any questions about the 2025 Priorities, or preparing for SEC examinations, please contact a member of MoFo’s Investment Management, Broker-Dealer, or Securities Litigation, Enforcement, and White Collar Defense group.

[1] See Top 5 SEC Enforcement Developments for September 2024, MoFo Client Alert (Oct. 24, 2024).

[2] See U.S. SEC Adopts Amendments to Reg S-P, MoFo Client Alert (May 28, 2024).

[3] The compliance date for the Reg S-P amendments is December 3, 2025, for “larger entities” and June 3, 2026, for “smaller entities” (as those terms are defined the SEC’s Adopting Release for the amendments).

[4] See New SEC Rules and Amendments Shorten the Standard Securities Transaction Settlement Cycle to T+1, MoFo Client Alert (February 24, 2023).

[5] For example, FINRA conducted a recent sweep into whether registered representatives’ crypto-related activities were in compliance with FINRA Rule 3270 (Outside Business Activities of Registered Persons) and FINRA Rule 3280 (Private Securities Transactions of an Associated Person).

[6] For a more in-depth discussion of AI, please see the “AI and Other Emerging Financial Technologies” section above.

[7] See SEC Adopts Expansive Private Fund Adviser Rules, MoFo Client Alert (Sept. 1, 2023).

[8] See Fifth Circuit Vacates SEC Private Fund Adviser Rules, MoFo Client Alert (June 12, 2024).

[9] See SEC Adoption of Current Reporting and Other Amendments to Form PF, MoFo Client Alert (May 4, 2023).

[10] See Marketing Rule Implementation - Are You Ready for November 4th?, MoFo Client Alert (Sept. 23, 2022).

[11] See Significant Investment Adviser Regulatory Developments in 2024, MoFo Client Alert (Aug. 21, 2024).